September 24, 2018, 05:26:29 pm
Username:

Password:

Topic: FOnline multi-client  (Read 357 times)

moogle

  • Posts: 3
    • View Profile
FOnline multi-client
« on: March 25, 2018, 06:22:55 pm »
Hello everyone. I wanted to create a faction, but my friends couldn't find the time to assist me in a timely manner. So I took matters in my own hands.

I remember from FOR Season 2 that FOnline.exe would not bitch about being run twice. That's no longer the case, so I used my favorite disassembler to see which part of the code is causing me problems. Here are my findings:

Code: [Select]
FOnline.exe, size 3949568 bytes, SHA256 ad1bc7dc79988c36b62f250cb24b5403a168549ffedf8a9f5bbb437bfe9717e1
This is the original file we're looking for. We need to go to the following addresses and change these bytes into these values:

Code: [Select]
00110EA9: 0F E9
00110EAA: 84 1B
00110EAB: 61 00
00110EAC: 01 00
00110EAE: 00 90

The original code from 0x00110EA9 is 0F 84 61 01 00 00, which means "jump by 32 bit variable 0x00000161 if the result of a comparison is 0". This jump gets us into shit creek where the client complains about there already running an instance of FOnline client and promptly shuts down.
This instruction is 6 bytes long, and the one we want to make is going to be 5 bytes long: E9 1B 00 00 00 - jump unconditionally by 0x0000001B bytes.
So the problem with this is that we're left with 1 byte, 0x00110EAE, being 0. Operand 0 in x86 means "do an 8bit addition on what follows" which is clearly disruptive bullshit in the course of execution. So if we somehow manage to screw up the execution pointer and have it land our CPU's instruction decoder on that address, we need to do the least disruptive thing - no operation, 0x90.

Hope this helps. Enjoy!

Leftover

  • Posts: 17
    • View Profile
Re: FOnline multi-client
« Reply #1 on: March 25, 2018, 07:26:04 pm »
here you have fonline.exe which allow you to multirun - https://uploadfiles.io/feuby

moogle

  • Posts: 3
    • View Profile
Re: FOnline multi-client
« Reply #2 on: March 25, 2018, 09:06:52 pm »
here you have fonline.exe which allow you to multirun - https://uploadfiles.io/feuby
I would rather not go that route because
  • Redistributing that exe is probably in violation of FOnline license. This is true for all questionable licenses and I am not in the mood to deal with copyright trolls.
  • You could easily embed unsolicited code at the end of the exe which forks its main course into the background and comes back to the ordinary execution of the FOnline client in order to maintain its disguise. For example, you could embed ransomware or a cryptocurrency miner. The best way to be sure that code does not contain unsolicited code is to make such changes yourself.

Leftover

  • Posts: 17
    • View Profile
Re: FOnline multi-client
« Reply #3 on: March 26, 2018, 12:28:32 pm »
1. you can distribute exe (and any part of FOnline content) as long as it stay non-profit and keeps "FOnline" as name. thats all about license.  not mention that you can get such exe on fonline.ru (official forum of fonline creators).
2. if you are so damn smartass you can easily decompile that exe and check there is no crap added. common smartie, do it
« Last Edit: March 26, 2018, 12:41:59 pm by Leftover »

moogle

  • Posts: 3
    • View Profile
Re: FOnline multi-client
« Reply #4 on: March 26, 2018, 08:31:42 pm »
1. you can distribute exe (and any part of FOnline content) as long as it stay non-profit and keeps "FOnline" as name. thats all about license.  not mention that you can get such exe on fonline.ru (official forum of fonline creators).
2. if you are so damn smartass you can easily decompile that exe and check there is no crap added. common smartie, do it
1. Fair enough.
2. I don't have a license for a decompiler, which comes with a purchased copy of IDA Pro. I only use IDA Freeware because I can't afford a license.

cthulchu

  • Supporter
  • Posts: 186
    • View Profile
Re: FOnline multi-client
« Reply #5 on: May 09, 2018, 03:48:59 am »
omg... I'll just leave it here: https://fodev.net/forum/index.php?topic=29900.0